6f11b2269c38bb075439a4b480f0da8bb3a912e1160e6b4b6d3e0cb8810ec0b6

Sharing

Copy URL

Twitter E-mail

General

Target

Wondershare_Filmora_13.0.60.5095.zip
Size

551.7MB
Sample

240525-xaqnladg8y
MD5

2855ccdb68cb90398e8f31ae95b0f57e
SHA1

d0a05dc0c05745805a8015cd7efb282b028febef
SHA256

6f11b2269c38bb075439a4b480f0da8bb3a912e1160e6b4b6d3e0cb8810ec0b6
SHA512

8f7a3ae699e23a0e3dbbd97be639f744ff16871b5752c06af3f507241abfc32d41250339b7be93360d83832545eaea7bc346ec6d43d64caefdb40575109c1a3a
SSDEEP

12582912:aQk0UvRQMyB+/X/kFBbSMOTHmZJXF3iLQotVs1OknpvgstatpG6Oyfe:aNnQ5c/XcFZSM1JViLZtV9kF1aDG6Oz

Score

9^/10

Malware Config

Targets

- Target
  
  Wondershare_Filmora_13.0.60.5095.zip
- Size
  
  551.7MB
- MD5
  
  2855ccdb68cb90398e8f31ae95b0f57e
- SHA1
  
  d0a05dc0c05745805a8015cd7efb282b028febef
- SHA256
  
  6f11b2269c38bb075439a4b480f0da8bb3a912e1160e6b4b6d3e0cb8810ec0b6
- SHA512
  
  8f7a3ae699e23a0e3dbbd97be639f744ff16871b5752c06af3f507241abfc32d41250339b7be93360d83832545eaea7bc346ec6d43d64caefdb40575109c1a3a
- SSDEEP
  
  12582912:aQk0UvRQMyB+/X/kFBbSMOTHmZJXF3iLQotVs1OknpvgstatpG6Oyfe:aNnQ5c/XcFZSM1JViLZtV9kF1aDG6Oz
Score

9^/10

bootkit discovery evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_8Bit.dll
- Size
  
  24.2MB
- MD5
  
  ca3ce08c438a38bdcdf5cd3160f8164a
- SHA1
  
  da9c9ef072b7ff6a89e319ca675ad3f8154f33c4
- SHA256
  
  012578e8552356637d8fea99953d02d45799d8dd5697da3e0d98b4c6e202fac9
- SHA512
  
  7eee3e16133a26ae01c7a61bfdbf616ca6004f7fb2bf039451af5b3b48525bb2c70505d6fa28f3886b4ab33546c82c85f015b18e1871ba54e64687342fef4ed2
- SSDEEP
  
  196608:Hvwz+Zmewfx/K/AVLpMVpzA68iGbENqHByAXzH:BIbJpWEHh
Score

1^/10
behavioral3 behavioral4
- Target
  
  Wondershare_Filmora_13.0.60.5095/Crack/Continuum_OFX_Float.dll
- Size
  
  24.4MB
- MD5
  
  acab3b470d7bc82d6bcb1c5e62c2fd71
- SHA1
  
  0002ec185f8151bef9f6f69d18fe59531d2fe900
- SHA256
  
  885004022360144fa595b6c78a88bb9279b25bd8632b1d3da83785df276dfcd3
- SHA512
  
  6ab4f1d9fac60820a31ef4465d2c7f9b82fc59d055abef550f3becfbbd76b0f5822d604503c38fa0844e5dd6ca4c68189ed619461a0eab3d8749a53305cf81a1
- SSDEEP
  
  98304:jG2XvmrVlLKWmY96zFWP3LR9nTgPeWKcgRyGY3ppMGqU49pGm1gSYvLSyEF:yZrVl+Wv60P3LRVUXgbY3og49UD9LSbF
Score

1^/10
behavioral5 behavioral6
- Target
  
  Wondershare_Filmora_13.0.60.5095/Crack/Patch.exe
- Size
  
  32.1MB
- MD5
  
  b26a4b5fb6fc09689ffcc83ad1635c17
- SHA1
  
  7c047e6d2fb7a55f583d41ec6484b62300a2a683
- SHA256
  
  52104d3d55eea30c34424fc7df94bea2df81d0ace2a579f814bcd743ae345841
- SHA512
  
  5478673949ec1b4d9d1dcb4cffa48433613b27539c5b1bf5641e8a5371300215fb0a884ba614fab198173b17f18779ff49de69a4565e2a880fc1e39f1e4a63d3
- SSDEEP
  
  786432:39OVLxap2s1SljuTMbJ1CPj7zWeVTSVXkCjEV7:taaB1SkHxVTStfM7
Score

1^/10
behavioral7 behavioral8
- Target
  
  Wondershare_Filmora_13.0.60.5095/Crack/Readme.txt
- Size
  
  1015B
- MD5
  
  4bdcb376a230628244bfe4bc529ff026
- SHA1
  
  ca8b965188a0eca405a295e403d35e3ef30c593c
- SHA256
  
  b231c756b4d7999d762de919f3d10c9fa97562f2ec058bcfa93cabed02d2073e
- SHA512
  
  fc2333ca5a88669dda79ce455c78050c0203d10a2134138d01df0ae86c7c6ea229b0b9249da7fbc7cfd4f05c3002ff46c526a75dc75d69a5588e46831596b3f3
Score

1^/10
behavioral10 behavioral9
- Target
  
  Wondershare_Filmora_13.0.60.5095/filmora_64bit_13.0.60_full846.exe
- Size
  
  506.8MB
- MD5
  
  1c2471a5d46b0aac3ddb2757a72a2b62
- SHA1
  
  fb4e1450e506712480ae72c696a381f49e3670e5
- SHA256
  
  1467d00b1c386bf826613a42b09ce18664f59076ee78dcfcd010ef0e98bc73e2
- SHA512
  
  956ac3186d7356c726f6c76ad42ca673acb40767561f3f868e7837feb853c4645615392ace6e8db6f00f8c49099faf08095bdf66ebe3ad8bef7bd2f3d62a92d0
- SSDEEP
  
  12582912:33Ms0X3yYGTI/NNKlA3qBuS4QaT5d2CVd+vh4Z8ph3DS8dYXXmig60F:3crytM/Nsl8uuSs5sCVwvhrzzfYHmig/
Score

4^/10
behavioral11 behavioral12